Researchers uncover an unpatchable security flaw affecting several iPhone generations | Infinium-tech
on researchers paradigm shift Published a comprehensive report detailing a built-in security flaw that comes with some Apple devices. The security issue involves USB and several Apple Silicon chips, and is called “usbliter8”.
The Usbliter8 exploit affects all devices running A12, A13, S4, and S5 chips. This means the iPhone XR, iPhone XS/XS Max, iPad Air 3, iPad Mini 5, iPad 8, 2nd generation Apple TV 4K, iPhone 11, 11 Pro/11 Pro Max, iPhone SE, iPad 9, Studio Display, Apple Watch Series 4, Series 5, and Apple Watch SE. These device owners should be cautious and here’s why.
This exploit revolves around a hardware bug specific to USB and a specific configuration flaw in the device’s firmware, rendering the exploit inaccessible. The good news is that attackers only need to have access to the device to exploit the bug.
While in DFU mode, you can send specific data to the device over USB, confusing the USB controller and forcing it to write data to the wrong part of memory, effectively injecting customized code before iOS boots. This way you can bypass signature checks, run modified system software, etc.
Fortunately, the exploit does not affect the device’s security enclave, where encrypted data, such as passcodes and other sensitive user data, resides.
So what now? The researchers said Apple worked closely with them to resolve the issue, but in the end, the most effective way to ensure that your data remains safe if someone steals your handset is to upgrade the device with a new one. Interestingly, for example, the bug does not affect older devices running A11.
Leave a Reply